How to collaborate without creating a shadow tenant
Guest access in Azure AD (now Microsoft Entra ID) is one of those features that looks simple on the surface: invite someone, they show up in your directory, and they can access Teams, SharePoint, and apps. The security reality is harsher.
A guest is an identity you don’t fully control, operating inside a tenant boundary you do control. That mismatch is exactly where data leaks, over-permissioning, and long-lived “forgotten” access happens—especially when guest access grows organically via Teams and SharePoint sharing.
If you want a definition that’s snippet-ready:
Securing guest access in Microsoft Entra ID means minimizing what external users can discover in your directory, enforcing strong authentication and session controls, tightly controlling invitations and allowed partner tenants/domains, and continuously expiring or re-validating access so guests don’t accumulate indefinitely.
This article goes beyond the usual “turn on MFA + do access reviews” advice. It explains the mechanics that create risk, the controls that actually change those mechanics, and the operational patterns administrators use in the real world to keep collaboration flowing without opening the tenant.
why guest access became a top-tier identity risk
Guest access used to be “a few partners.” Now it’s routine:
- vendors join Teams channels
- agencies edit SharePoint sites
- contractors need internal SaaS
- customers need project portals
The problem is that guest access scales faster than governance. Invitations are easy; lifecycle management is hard. And identity risk isn’t just “can they sign in?” It’s also:
- what can they enumerate?
- what can they share onward?
- what can they keep after the project ends?
- what happens when their home tenant is weak?
- what breaks when you lock it down?
Microsoft’s own guidance frames guest access inside a zero trust model: assume external identities are high-variance, then use policy gates (Conditional Access) and lifecycle controls (governance) to bound risk.
The surface view is incomplete (and why “MFA + restricted guests” isn’t enough)
The common checklist looks like this:
- restrict guest permissions
- require mfa
- limit who can invite
- run access reviews
All of that is correct—but incomplete because guest risk comes from three different planes that admins often blend together:
- directory plane: what the guest can see/do in Entra (users, groups, membership visibility)
- policy plane: what must be true at sign-in (mfa strength, device claims, session controls)
- resource plane: what SharePoint/Teams/apps allow once access is granted (sharing, download, app roles)
You can “secure guest access” in plane #1 and still leak data in plane #3. And you can harden plane #2 in a way that breaks redemption, profile access, or MFA registration—creating user experience failures that teams bypass by granting broader access elsewhere.
So the real job is not toggling settings. It’s engineering a controlled collaboration boundary.
The truth about guest access
Here are the foundational rules that drive both expected and surprising behavior:
1) invitation creates an identity object you must govern
Even before redemption, Entra creates a guest object that can later become active. That object must have lifecycle controls—otherwise it becomes permanent tenant residue. (Azure Documentation)
2) “least privilege” for guests is mostly about visibility
For many orgs, the biggest guest risk isn’t “they can change settings.” It’s that they can discover people, groups, and structures and then target phishing or lateral access requests.
That’s why the “restricted” guest permission level matters: when enabled, guests can view only their own profile and can’t enumerate users/groups or see group membership. (Microsoft Learn)
3) the resource tenant owns access decisions, but not all assurances
A guest authenticates using their home identity (or a one-time passcode / social identity depending on configuration). That means your tenant can require controls, but the upstream identity hygiene varies. (Azure Documentation)
4) cross-tenant trust changes the meaning of “require mfa”
When you enable cross-tenant trust for MFA, the guest can satisfy your MFA requirement using MFA performed in their home tenant—reducing friction and potentially improving security if their tenant uses phishing-resistant methods. But it also introduces dependency: you’re trusting their MFA claim. (Microsoft Learn)
5) governance is not optional at scale
If you can invite guests, you can accumulate guests. At scale, the only sustainable answer is continuous review/expiration (Access Reviews, Entitlement Management access packages, inactivity cleanup). (Microsoft Learn)
Let’s compare them practically: three “security postures” for guest access
Most organizations end up in one of these models. Knowing which one you are building helps you pick the right controls.
Posture A: Open collaboration (fast, risky)
- Anyone can invite
- Guests can see too much directory info
- MFA inconsistent (or only security defaults)
- No structured offboarding
This posture is common in orgs that grew on Microsoft 365 sharing first and governance later.
Posture B: Controlled collaboration (recommended default)
- Guests set to restricted
- Invitations limited to specific roles/groups
- Conditional access enforces strong auth + session controls
- Regular access reviews + inactive guest cleanup
This is the “balanced” posture Microsoft’s guidance and most enterprise designs aim for.
Posture C: Governed partner access (high assurance, lower sprawl)
- Guests onboarded via Entitlement Management access packages
- Partners scoped via cross-tenant access settings
- Auth strength policies (phishing-resistant where needed)
- Automatic expiration and removal when access packages end
This is best when you have repeat partner relationships and compliance pressure.
Settings, policies, and validation
This section is intentionally dense and operational. Treat it like a runbook you can adapt.
Step 0: map your guest threat model before changing anything
Minimum questions:
- Which workloads are guests using (Teams, SharePoint, specific enterprise apps)?
- Do guests need to discover other users in Teams?
- Are partners mostly Entra-to-Entra (B2B) or do you rely on email OTP / consumer identities?
- Do you need to trust partner MFA (cross-tenant trust) or enforce your own?
Why: some controls (like “restricted guests”) can impact Teams experiences and user search, so you want targeted deployment/testing. Microsoft’s Teams guest documentation explicitly calls out what restricted guest directory access means for guests.
step 1: restrict guest directory permissions (visibility hardening)
In the Entra admin center:
Identity → External Identities → External collaboration settings → Guest user access
Set guest user access to:
- “Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)” – Microsoft Learn
What this does mechanically:
- Guests can view only their own profile
- They can’t enumerate users, groups, or memberships (including groups they belong to)
Validation ideas:
- Sign in as a test guest and attempt directory search in MyApps / profile experiences
- Attempt Teams user search scenarios you depend on (if your model requires it)
Related: Here’s a deep walkthrough: Managing guest access safely with Microsoft Entra.
Step 2: control who can invite guests (stop organic sprawl)
In the same External collaboration settings area, configure invitation permissions so “everyone can invite” is not your default.
A common enterprise pattern is:
- Members can invite: no
- Admins and users in the guest inviter role can invite: yes
- Optionally use an allow/deny list for domains depending on your risk profile
Why this matters:
- Teams and SharePoint sharing features can lead to decentralized invites. If you don’t constrain invitations, you’ll spend your life cleaning up guest sprawl instead of preventing it.
Operational option:
- Create a small, accountable “partner onboarding” group
- Assign Guest Inviter role (or gate via a request process)
- Log and review invites monthly
Step 3: enforce strong authentication for guests with conditional access (and avoid the classic breakage)
Microsoft provides reference policies for requiring MFA for guest users using Conditional Access.
Minimum baseline CA policy:
- Users: All guest and external users
- Cloud apps: start with key apps (SharePoint/Teams) or All cloud apps if you’ve tested
- Grant: Require multifactor authentication
But in 2025+ Entra, the more future-proof approach is authentication strength, so you can require phishing-resistant MFA for sensitive workloads.
Recommended layering:
- Baseline guests policy (broad):
- Require MFA (standard strength) for all guests
- Sensitive apps policy (narrow, strict):
- Require phishing-resistant authentication strength for guests accessing finance/HR/admin apps
Real-world gotcha (seen repeatedly in the field): “block all apps except Office 365” policies can break guest flows like invitation redemption, authentication method setup, or profile access. A practitioner write-up highlights the need to account for service dependencies (for example, “My Sign-ins” / essential service endpoints) when doing tight allowlisting.
Another field signal: admins commonly report guest MFA friction and unexpected behavior once they enable CA for external users—especially around how guests register methods across tenants. Even when your intent is correct, user experience failures will cause business pressure to weaken controls, so you want a tested rollout plan.
Hard requirement:
- exclude emergency access (“break glass”) accounts from CA to prevent lockout due to misconfiguration (Microsoft explicitly recommends this).
Related: A deeper Entra-side MFA strategy that also applies to hybrid identity – Setting up MFA policies in hybrid environments.
step 4: scope partner tenants with cross-tenant access settings (the “partner firewall”)
If your partners are primarily other Microsoft Entra organizations, cross-tenant access settings give you a higher-level control plane than invitation settings alone:
- Inbound settings: which external tenants/users can access your apps
- Outbound settings: how your users access partner tenants
- Trust settings: whether to trust partner MFA/device claims
This is how mature orgs avoid “any Entra tenant in the world can become my guest if someone invites them.”
A strong pattern:
- set default inbound to a restrictive stance (evaluate carefully—blocking can break existing B2B)
- add organization-specific rules for approved partner tenants
- enable trust MFA for high-quality partner tenants to reduce double-MFA pain while still requiring MFA in policy
Microsoft’s own “notes from the field” emphasizes that trust settings and authentication strengths should be reviewed together because they combine to determine where and how MFA is satisfied. (TECHCOMMUNITY.MICROSOFT.COM)
step 5: add lifecycle controls (access reviews + stale guest cleanup) so guests don’t become permanent
This is where most guest programs fail: you harden sign-in, but forget offboarding.
Microsoft documents two complementary approaches:
- monitor and clean up stale guest accounts
- use inactive guest insights
- use access reviews to block/delete inactive guests
- manage guest access with access reviews
- review guest membership in groups or assignments to apps
- auto-apply results (block sign-in, delete after a period)
If you need a high-assurance onboarding/offboarding loop, use Entitlement Management:
- onboard external users via access packages
- require approval
- set expiration
- automatically remove external users when they no longer have assignments
This is the “governed partner access” model from earlier.
Related: Here’s a Productized operational approach (reporting, automation, dashboards), ManageEngine’s practical guides without duplicating the entire walkthrough – How to clean up stale guest accounts using access reviews.
Step 6: validate with logs and “break tests”
Two validation loops you want in production:
- Sign-in log validation
- Confirm guests are hitting expected CA policies
- Check “MFA satisfied by claim” vs “MFA performed in resource tenant” when you use cross-tenant trust
- Collaboration break tests
- Invite + redeem flows
- Teams join/meeting/chat
- SharePoint external sharing scenarios
- Access package request + approval + expiry (if using entitlement management)
Advanced concepts that separate “configured” from “secure”
Use “policy tiers” instead of one policy to rule them all
A single global CA policy for all guests often fails because guest use-cases vary.
Better: build tiers based on resource sensitivity:
- Tier 1 (broad collaboration): Teams/SharePoint, require MFA
- Tier 2 (confidential apps): phishing-resistant strength
- Tier 3 (high-risk admin surfaces): block guests entirely unless explicitly justified
Check out our Zero Trust policy guidelines which aligns with this tiering approach. – Zero Trust architecture with Entra at the core
Treat partner tenants as a supply chain
Once you trust MFA/device claims from a partner tenant, you are effectively consuming their identity assurances.
This is why cross-tenant access settings should be managed like vendor security:
- Approve partner tenants explicitly
- Require security posture evidence for high-trust relationships
- Prefer phishing-resistant methods when possible
key takeaways: what “secure guest access” really means
If you remember only six things, make them these:
- Restrict guest directory permissions to stop enumeration and reduce social-engineering surface.
- Limit who can invite so guest growth is intentional, not accidental.
- Use Conditional Access with authentication strength, not just “turn on MFA,” and test for flow breakage.
- Use cross-tenant access settings to scope partner tenants and manage MFA trust intentionally.
- Automate lifecycle using access reviews, stale guest cleanup, and (for mature programs) entitlement management access packages.
- Validate continuously with sign-in logs and collaboration “break tests,” because misconfigurations are common and costly.